GPO & Password set to expire

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - General EFS Question EFS newbie here - We have an SBS2003 domain and most all work is done in the office on workstations. Some users are now looking at VPN from home and using Remote Desktop Connection to their workstations when necessary. This is good, but I would like to make sure that files that leave the office are not going to open or otherwise be usable to anyone. For example, if someone copied a file from our network over a VPN and then tried running it on their own (remote) computer, the fie would not open or run; But if they brought that same copied file back into our office, say on a floppy, it would run or open. From what I know, as long as the key to decrypt the file does not leave the network, then the file should only open on the network - Right? Thanks Paul Tag: GPO & Password set to expire Tag: 89806
  - 2
    - Security Alerts/Unable to get into some sites In the last few days I have been unable to get in some sites I have gotten into before. Today I tried to get into a 401K site where my money is invested. I got the Security Alert and it stated "the security certificate has expired and is not yet valid." Then I tried to get into a Medical site where I order my prescriptions. I got the same message. I tried to get into AOL help and was unable to get into this site either. How can I resolve this? -- Barbara Tag: GPO & Password set to expire Tag: 89799
  - 3
    - HOME PAGE Every time I open up my internet explorer instead of going to my home page it redirects me to a security site (http://eprotectpage.com/). It tells me I have a virus but I dont! I cant get my home page back! im a little worried about it. -- your friend jeff!! Tag: GPO & Password set to expire Tag: 89795
  - 4
    - Removing Microsoft Antispyware I hope that this is the right NG to ask this question, if not then perhaps someone can point me in the right direction. Several of the computers at work have Microsoft Antispyware installed, (with a bulls-eye icon on the desktop). As it is now outdated I tried to uninstall it by going to Add or Remove programs in the control panel but although the program is there, when highlighted there is no *Remove* button. Can anyone tell me how you remove this program? -- Thank you in advance for all assistance, Sandy In Perth, the ancient capital of Scotland and the crowning place of kings sandymann2@mailinator.com Replace@mailinator.com with @tiscali.co.uk Tag: GPO & Password set to expire Tag: 89793
  - 5
    - Do I need a CA\PKI I will be setting up an Active Directory network in the near future. I was wondering if I need a CA\PKI for my environment. Here is what I am looking at setting up. Two domain controllers, that will also serve as file servers. One of the domain controllers will have a tape backup unit connected to it running Backup Exec. IIS will not be installed anywhere in the domain. Users will have a home directory, and may have access to other shared directories as needed. The majority of users will be connecting to the domain in the LAN, and will not have access to the domain remotely. All the servers in the domain will be in the same location. Given this environment, do I need to set up a CA/PKI? If so what are the reasons and advantages of doing so? Thanks for any input. Tag: GPO & Password set to expire Tag: 89792
  - 6
    - Is it a Sasser worm? Hi all. Yesterday I started a shutdown of my server. It hanged for a while, then it displayed this message: (...) The system process 'C:\WINNT\system32\lsass.exe' terminated unexpectedly with status code 128. The system will now shut down and restart. So it seems there is a Sasser infection. But there are some points: - The server is a Windows 2000 Server SP4 OS. The sasser patch, KB835732, is installed since year 2004 - Security rollup and other hotfixes are installed, too - the antivirus software running on the server is up to date and it did not found any virus - the server is not connected with the Internet - there is not other evidence of this virus (registry key, avserve.exe, win.log, ecc.) So, what is happening? A new sasser variant? Another infected computer on the LAN is trying to infect the server? Or maybe this message is not always caused by this virus? Thank You. Tag: GPO & Password set to expire Tag: 89785
  - 7
    - Capicom Security Alert We've developed a web application on our internal Intranet, which includes the creation of a digital signature. This functionality is developed using the capicom dll. When capicom is initiated from IE a number of security alerts are displayed about accessing the local certificate stores. We are receiving complaints from our end users about how many prompts they are receiving. One of the capicom prompts allows the user to tick a check box to stop it appearing again when the user accesses the same website. This works fine for the browser session but as soon as the browser is closed down this flag is lost and the prompt appears next time the user tries to produce a signature. Is this how it is meant to work? And is there any way of maintaining this across browser sessions so that the user does not have to click on this prompt everytime they create a signature on our internal website? Any suggestions would be greatly appreciated. Many thanks. Tag: GPO & Password set to expire Tag: 89784
  - 8
    - OneCare Subscriptions There's probably a OneCare newsgroup, but I couldn't find it. I'm interested in knowing how to view my multiple PC subscriptions through OneCare. For each $50 subscription, I can protect up to three PCs. But I haven't been able to figure out where I can go to view which PCs are on what subscriptions (I have more than one) and how many more openings I have per subscription, etc. In other words, I'm looking for a breakdown of my PC distribution on a subscription by subscription basis. Any help, or a point in the right direction would be appreciated! -Anthony J. Tag: GPO & Password set to expire Tag: 89777
  - 9
    - Norton 2006 security check reports hacker threat ports 80 443 I am not familiar with port operation, but when I run security checks I am told there is a "hacker threat" because these ports are open. They are the hppt and https ports and I don't know why this is a problem. I am fairly certain there are no virus ,spyware, malware, etc. on my system. What should I check? Symantec has not been very helpful. Windows XP SP2. -- Randu Tag: GPO & Password set to expire Tag: 89770
  - 10
    - Antivirus Does Microsoft or anyone else have a recommended virus protection for Domain Controllers? Also as I understand it, the new Antigen is for Exchange and sharepoint servers? Is it designed to replace like symantec corporate on just those servers? Tag: GPO & Password set to expire Tag: 89765
  - 11
    - Important...Interesting...Danger behind some file types ?? I have played with Windows XP professional for some time and I see that some Microsoft applications such as Outlook Express and MSN / Windows Live Messenger flags many file types as 'dangerous' because it could contain some kind of code that could somehow compromise the system such as .EXE .SCR .BAT .COM .SCR .PIF .HTA .VBS .JS .HLP .CHM .REG .INF and many others. at each one it is clear that it can compromise the system via executable code eg. EXE BAT COM PIF SCR or some kind of script code, eg. in HLP, HTA VBS and JS files. Now my question... why do they also flag .URL and .SCF files as dangerous ? I searched everywhere on those files structures and how they are 'scripted' but didnt find anything that could directly compromise the system. the URL file (internet shortcut can do the same, if not less then an HTML file but HTML files are not flaged as dangerous. in URL files you can assign any shortcut u want or execute local files using 'file:///' protocol, but with HTML it is also possible to display the content of an arbitrary external website via IFRAME tag and execute local files using the OBJECT tag. so I wonder why URL files are dangerous and blocked ?? also .SCF files why they are dangerous?...Microsoft provided very little documentation on these files but the most 'harm' it can do is minimize all opened windows hehe. so I would really appreciate if someone, perhaps some Microsoft security professional gave me some light here. By the way a specially crafted desktop.ini file can be much more dangerous but .INI files are not flagged or blocked. Also something tricky with INF files. If you download an INF file and open it, Internet Explorer warns asking if you really want to execute the 'software'. Why is that if the INF file has the default OPEN command set to notepad.exe. (double clicking the file opens it in notepad). To install it, it should be right-clicked and select install. So warnings should only go to the 'INSTALL' command, this way it would not confuse users or give a false alarm of 'danger'. thanks very much in advance and hope to hearing from someone soon :) Tag: GPO & Password set to expire Tag: 89761
  - 12
    - firewalls Is is it bad to run two firewalls at the same time ???? I have trendmicro pc-cillin 2006 witch has a firewall in the internet sec system ... I installed sunbeltsoftware kiero personal firewall.. But I have to keep restarting the service from start, run, services.msc... Can i lower the firewall settings on trend to medium , its on med high... to run both.. Any info will help ... tyvm.... Tag: GPO & Password set to expire Tag: 89760
  - 13
    - Setting up 2 domains with one way trust to dmz What I have now is a domain on the inside interface of a firewall and workgroups on the dmz. I am thinking for easier administration that making a second domain on the dmz with a one way trust would help cut down the administration of accounts and such. To me it looks fairly straight forward for the domain creation. I would create a new domain like dmz.xxxxx.com for the dmz with inside domain being xxxxx.com. Now the big question what ports need to be open for all this to work correctly on the firewall? I found ms artical 179442 which lists a ton of ports that need to be opened to make this work. I have no problem with the server ports its the client ports that I don't like. maybe I am reading it wrong or something. any help would be most welcome. list of server ports 135/tcp RPC 389/TCP/UDP LDAP 636/TCP LDAP SSL 3268/TCP LDAP GC 3269/TCP LDAP GC SSL 53/TCP/UDP DNS 88/TCP/UDP Kerberos 445/TCP SMB Client ports 1024-65535/TCP/UDP or is this the same as I have configured already on the firewall of any on the inside has access to dmz? Tag: GPO & Password set to expire Tag: 89756
  - 14
    - EFS algorithm Hi, which common algorithm can be used in a windows 2000, XP and 2003 environment for efs, assuming that on all os' the latest service pack is applied and on the w2K the high encryption pack is installed? I've found some on the Internet saying desx and others 3des. Thanks and regards Ueli Tag: GPO & Password set to expire Tag: 89754
  - 15
    - What is this? We have a form that was submitted with a lot of crazy stuff in it. Any ideas what this could be? ----------------------------------------------------------------------- <a href="http://11.gotope.com/pentola-fondue-bourguignonne/"> pentola-fondue-bourguignonne </a> http://18.bonn-coach.com/gioco-pugilato/ <a href="http://19.nmkjj.com/box-esterno-tv/"> box-esterno-tv </a> <a href="http://4.gotope.com/corsetteria/"> corsetteria </a> http://11.bonn-coach.com/ragazza-sesto/ <a href="http://4.nmkjj.com/tetta-piu-grande-mondo/"> tetta-piu-grande-mondo </a> <a href="http://9.nmkjj.com/inurl-guestbook-php-page-od/"> inurl-guestbook-php-page-od </a> http://13.mcfc-fans.com/hotel-campofelice-di-roccella/ <a href="http://6.mcfc-fans.com/acicastello-immagini/"> acicastello-immagini </a> <a href="http://3.diederichwedding.com/psicologia-it/"> psicologia-it </a> http://18.nmkjj.com/capodanno-lazio/ <a href="http://17.bonn-coach.com/borsa-pinko/"> borsa-pinko </a> <a href="http://19.gotope.com/dario-antiseri/"> dario-antiseri </a> http://18.mcfc-fans.com/auto-noleggio-carre/ <a href="http://15.mcfc-fans.com/giochi-gratis-nokia-7250/"> giochi-gratis-nokia-7250 </a> <a href="http://11.diederichwedding.com/pok-e8mon/"> pok-e8mon </a> http://19.diederichwedding.com/wireless-sicurezza-mac-address/ <a href="http://8.gotope.com/lavoro-bettola/"> lavoro-bettola </a> <a href="http://17.gotope.com/legge-elettorale-2006/"> legge-elettorale-2006 </a> http://5.mcfc-fans.com/versione-latino-and-nepote/ <a href="http://5.diederichwedding.com/itinerario-chianti-vacanza/"> itinerario-chianti-vacanza </a> <a href="http://3.gotope.com/fontana-feng-shui/"> fontana-feng-shui </a> http://7.diederichwedding.com/mp3-tinturia/ <a href="http://6.diederichwedding.com/viaggio-finlandia/"> viaggio-finlandia </a> --------------------------------------------------------------------- your help would be greatly appreciated. Rich Tag: GPO & Password set to expire Tag: 89753
  - 16
    - Using Cipher for Default Encryption Settings We have a client who would like to encrypt data with EFS. The client would like to have it setup so that all data folders are encrypted by default. The client would also like to have it setup that new directories created by the user are also tagged for encryption by default. Basically the client doesn't want the user to "accidentally" have unencrypted data on the hard drive. I am looking for an alternative to Whole Disk Encryption products, and I would like to use EFS. I know EFS can not be used to protect system files or the root directory. That's ok. My question is, can I use the cipher.exe command to set all possible (non-system, non-root) directories to be tagged for encryption? I am thinking about the following command: cipher /e /i /s:c:\ I believe this will set the encryption flag for all directories starting the root directory, and ignoring the errors (for c:\, c:\windows, & any other system directories). My understanding is that this flag means any new files or directories created or copied into these "encrypted-flagged" directories will be encrypted on the write. Then, a second command of: cipher /e /a could be used to actually encrypt the file data in certain directories such as My Documents to encrypt current, existing data on the hard drive. Does anyone have any experience with this? Thanks -MB Tag: GPO & Password set to expire Tag: 89752
  - 17
    - files on ur web directory Hi All, i found that : "In order to reduce a web application attack surface, only web application pages should be kept on the web directory and any other files should be removed to any other local folders." my questions are: 1- is that true?? and why?? 2- what are exactly the file extensions that are allowed to be left on the default web directory?? 3- what are the type of files that are considered to be vurneable???? finally, if anyone one has any reference for such a topic, i'll be happy receiving it :) thanx for ur help and reply :) Tag: GPO & Password set to expire Tag: 89751
  - 18
    - Lingering corruption issues from MS06-049 - KB article 925308 This new article speaks to a fix to the problem created by 06-049. If the patch is broken why is this not a re-release of the patch? I see none of the usual "Microsoft only recommends applying this to systems experiencing the problem..." I take it then that every system on which 06-049 is installed is still potentially vulnerable to file corruption. If so then 925308 is in fact a vital patch not for security's sake but for data protection's sake. MS please respond. Should we apply this fix to all systems that have 06-049 installed. Tag: GPO & Password set to expire Tag: 89743
  - 19
    - Important Information Check out: www.Brandon-Lands.com Tag: GPO & Password set to expire Tag: 89741
  - 20
    - Kerberos UDP vs TCP Hi everybody I'm facing some problems with Kerberos authentication using UDP protocol. As suggested by Microsoft using TCP protocol the problem has been solved instead. Questions: Why Microsoft uses UDP by default if there are authentication problems? What would be the global impact on the network (WAN) using Kerberos authentication through TCP? Would it be a suitable solution? Any help really appreciated. Tag: GPO & Password set to expire Tag: 89737
  - 21
    - Security settings change locks program I'm using Windows Server 2003 and I was trying to add a user to the user list under the security tab of a folder and it seems to just lock up when I hit apply or ok. I have let it sit for over 30 mins with no progress. I did a small subfolder and that worked. Is it just slow to apply the setting to all the sub folders? Is there a way to make this run smoother? Thanks. Tag: GPO & Password set to expire Tag: 89728
  - 22
    - IBM THINK PAD CAN anybody help have being given a n ibm thinkpad and cant turn on wi-fi Tag: GPO & Password set to expire Tag: 89726
  - 23
    - Audit Logging for the NIC Properties Is it possible to audit a network interface driver's properties? That is, an administrator goes into a local area connection, configures the NIC, and changes Flow Control (or some such driver property). Can this action be logged and audited? This is for Win2003 Server Standard Edition running in a Win2003-native Active Directory domain. Thank you in advance, J Wolfgang Goerlich Tag: GPO & Password set to expire Tag: 89723
  - 24
    - pki - CRL questions Designing a basic w2k3 pki for internal purposes. Three tier (root & intermediate offline, enterprise isuing). Might be expanded to support external (outside AD forest, outside internal WAN) use in the near future. Do I need to publish CRL's and AIA to external accessible webservers from the start, or can I start with internal publishing only? Can the CRL publishing list be changed for all CAs (external HTTP address added) without much reconfiguration at a later stage? What is the preferred order, when using mostly AD integrated clients: ldap or http first? I want this design to be flexible, not directly needing an extra layer of intermediate and issuing CA's when external used certs are needed, but also want to prevent making irreversible decisions... Tag: GPO & Password set to expire Tag: 89722
  - 25
    - ipsec ports I am going to setup IPSEC tunnels between windows servers that pass through different firewalls owned by other organizations. I need to submit requests to the other firewall admins requesting ports and protocols be opened up and I want to get it right the first time. What ports are required to be open for the handshake and communication of ipsec between two windows servers through a firewall? Thank You Erik Tag: GPO & Password set to expire Tag: 89720
- Next
  - 1
    - Security Updates I am wondering why no security updates from Windows Update for November. Usually by now we have them for the month. I have tried using IE7 four times and uninstalled each time and back to IE6, because it just is too much trouble to try to fix bugs. But the update icon apears in system tay to update to IE7. Is it because we are going to be forced to update to IE7 in order to get critical updates? Tag: GPO & Password set to expire Tag: 89718
  - 2
    - Windows Defender Does the windows defender get all spyware programs out. I have been using spyware programs for a long time and i have come across alot of spywre which cannot be removed by some programs for instance. cam it remove Vundo? or other programs which are difficult to get out? Snooza~Plz Reply asap as i think i might be watched. Tag: GPO & Password set to expire Tag: 89716
  - 3
    - User cannot FTP file from local disk to website. The user can connect to the website (using an FTP client software) but cannot upload a file. The client software just hangs. I (as administrator) can perform the upload. It must be a Server 2003 security issue. The client ftp program is WSPTF_Pro. -- Regards Tom Tag: GPO & Password set to expire Tag: 89713
  - 4
    - firewall configuratioin I do not know which of these to allow or block or make me ask I have no ideal what I am doing configuring the firewall do I block, allow theses or make them ask me? Internet Connection Sharing? Windows RPC service? DHCP protocol client? DNS protocol client? ICMP network diagnostics? Destination Unreachable? Ident Service? Protocol AH? Protocol ESP? Protocol GRE? L2TP VPN? PPTP VPN? Tag: GPO & Password set to expire Tag: 89712
  - 5
    - question about IAS and PEAP MS-CHAP V2 (wireless authentication) Hey guys this is my first post. I have a question about IAS, PEAP MS-CHAP V2, and wireless. I am using MS-CHAP V2 to authenticate PDAs on our wireless network. Because we are using MS-CHAP V2, we are using AD credentials to authenticate the clients. Everywhere I have read it states that we have to install the server certificate onto the device. I have found a loop hole though. Both on the wireless PDA and laptops, we can choose not to validate the server certificate. I can still authenticate to the IAS server (wireless) but I have not installed the server cert onto the device (because I have unchecked the validate server checkbox both in zero config and the wireless application). This is my question, if we don't validate the server and if we don't have the server cert, won't the transmission of the user account and password be in clear text? Is there a way on the IAS server that we have to force the clients to have the server cert or they wont be authenticated? Thanks, Peter Kim Tag: GPO & Password set to expire Tag: 89711
  - 6
    - Windows Firewall Exception: RunDLL32 Is it normal for RunDLL32 to show up in the Windows Firewall Exception list? How about Explorer.exe? -- Gary S. Terhune MS-MVP Shell/User http://grystmill.com/articles/cleanboot.htm http://grystmill.com/articles/security.htm Tag: GPO & Password set to expire Tag: 89700
  - 7
    - Someone hacked into my computer... I'm under the impression that my computer has been hacked into. It seems whoever it was took a special likeing to my school files (mainly papers I've written over time), as that folder is now empty. Fortunately windows recorded the last date and time the contents of that folder were "modified". My question is is there some way I can see who was in my computer at that time? This happened somewhat recently I'm guessing (about 2 days ago according to windows). Seeing as I was on the computer at the time specified, I know it wasn't anyone I live with. Thanks to anyone that can help. Tag: GPO & Password set to expire Tag: 89698
  - 8
    - Mcafee removel 'I have tried uninstalling mcafee even to the point of going on mcafee's website and downloading thier uninstall exe. It says it is compeletly uninstalled and i reboot . But then it is still in add and remove. I want to install their new mcafee security , but it will not let me because the old one is still on my comp. I have tried and am ready to throw this comp in the trash if I cant get it to do what I need. HELP HELP ! Thank you Tag: GPO & Password set to expire Tag: 89694
  - 9
    - security template unreadable On a windows 2000 system recently updated to sp4, I have been getting 2 regular security-rleated events in the event/application log 1) one a warning SecCli event 1202--Security policies are propagated with warning. 0xd : The data is invalid. Please look for more details in TroubleShooting section in Security Help. 2) an error: Usrenv event 1000 The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (13). None of the knowlege base articles on these errors seem to apply to my situation. Winnt\security\log\winlogon.log reports "Reading Configuration template info...Error 13: The data is invalid. secreateglobalprivilege is not a valid privilege." In the management console, windows is unable to read the basic security template. I'd appreciate it if someone could tell me if these errors are causing any practical problems--especially my inabilty to start rasman (unable to create buffers) or cannot connect with mysql (connection lost). And, if so, what's the fix? I'm not a newbie, but neither am I an expert in this area. Thanks Tag: GPO & Password set to expire Tag: 89692
  - 10
    - Cant open CMD/taskmanager Hi, Can anyone help me, i cannot seem to open the Command Prompt or my Taskmanager. I think i may have a virus, but cannot find it with Mcaffee. Any suggestions? Tag: GPO & Password set to expire Tag: 89689
  - 11
    - UserOverRide key on Win2003 I'm trying to OverRide the screeen saver seetings like a do for Win200. It's configured at: HKLM\SYSTEM\CCS\Control\Terminal Server\Winstation\ICA-TCP\USEROVERIDE\Control Panel\Desktop under this I created ScreenSaveActive = 0 ScreenSaverIsSecure = 0 ScreenSaveTimeOut = 4500 I'm using under ICA-TCP key, beucase it's for a Citrix server/connection. But it does not work for Win2003, just for Win2000 any idea? thanks in advanced.. Tag: GPO & Password set to expire Tag: 89683
  - 12
    - W2K3 3-tier CA Implementation I have been trying to follow all of the best practices and recommendations for a W2K3 Enterprise CA solution. I have the Root installed, still online for right now, and have been trying to get the Intermediate CA that will be used for policies set up. I would like to follow Microsoftâ??s lead and use a 10 year, 2040 bit certificate. I have copied the Subordinate Certification Authority template and increased it to 10 years, copied the new OID and description from Intermediate Certification Authority and used both of them in the CAPolicy.inf file in C:\WINDOWS, but I keep getting 2 year certificates. After resolving, I will need to create Issuing CA certificates from the Policy CA that are 5 years and 2048 bits. Thanks for ALL of the input. Tag: GPO & Password set to expire Tag: 89680
  - 13
    - If my computer is a single PC with ADSL connection, can I leave the password blank when I login the XP? I am not using LAN, and I am the single user of PC. Is it secure that I leave the password of user blank when I login the Windows XP? -- Thank you for your help! Tag: GPO & Password set to expire Tag: 89679
  - 14
    - Computer Auto Enrollment for non-windows platforms I need to enroll non-windows computers for a computer certificate that I'm planning to use for VPN. How have people done this? The non-windows computers are joined to the domain (have a real computer account, and password). I would like to write some code to auto-enroll them when they are joined to the domain. Is there any published protocol for Microsoft's Certificate Authority that can be used for this? Can enrollment be performed using HTTP? Paul Nelson Thursby Software Systems, Inc. Tag: GPO & Password set to expire Tag: 89674
  - 15
    - Keylogger? Recently, I noticed my Windows XP was automatically locking itself after it was idle for a certain time. This has only started in the last day or so. I recently had someone around my computer, unsupervised. I am worried that this person may have accidentally, or intentionally, installed some form of spyware on my computer. I ran Adware and Norton Anti-Virus and nothing returned, but I find it odd that this is now happening. Is this a new setting change that may have been updated in Windows Updates? Could this be a sign of spyware, keylogger, virus, etc.? Tag: GPO & Password set to expire Tag: 89667
  - 16
    - Local Security Policy Background: Very Recent switch from Novell to Active Directory. After joining all workstations to the new domain, we have had a couple that will logon without certain services running. I have narrowed things down to a missing entry in the local security policy. For some reason our Group Policy for the domain will not push down to these few workstation and the changes I make loaclly disappear after a reboot. Although everything will work as it is supposed tofor that one boot. Another reboot will result in the original problem. The exact change that I am making is in the secpol.msc is Local Policies > User Rights Assignment > Impersonate a client after authentication ASPNET, Administrators, SERVICE Before adding the permissins this field was blank. After a reboot it goes back to blank even though our group policy is pushing out the same settings I added locally. I just can't get it to save. I also tried to import a template with the same end result. Any ideas? Tag: GPO & Password set to expire Tag: 89665
  - 17
    - Assign permissions to create other users to Users account Hi, Is there a way to give an account in the Users group in XP permissions to add other User accounts? This would be similar to the capability that PowerUsers have to have create accounts in the User group. Any ideas? Thanks, Nick Tag: GPO & Password set to expire Tag: 89659
  - 18
    - New Tool from Microsoft System Internals A new tool from Mark Russinovich (formally of System Internals) of Microsoft is available for trouble shooting malware problems. See about Process Monitor here: http://www.eweek.com/article2/0,1895,2054266,00.asp Download from here: http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx -- Regards, Richard Urban Microsoft MVP Windows Shell/User (For email, remove the obvious from my address) Quote from George Ankner: If you knew as much as you think you know, You would realize that you don't know what you thought you knew! Tag: GPO & Password set to expire Tag: 89656
  - 19
    - LSA not loading Self authincation filter What would keep LSA from loading a seft-authinication filter from loading on a 2003 Active Directory server? Tag: GPO & Password set to expire Tag: 89651
  - 20
    - General Recommendation I am trying to weigh the pros and cons of allowing a set of users in my enviroment to use public wireless (hotel etc). These users are s specific group (politicians). They are travelling to hotels with their laptops. The laptops could contain sensitive data and do not currently have any form of encryption etc. Does anyone have any recommendations on where to start or what to implement before allowing wireless? Tag: GPO & Password set to expire Tag: 89649
  - 21
    - HELP!! Please. I screwed up Group Policy Editor Hello, I'm panicked right now since I have messed up one of our training machines. We log into a NT4 Domain (Samba-Linux) basically a file server from Win XP Pro. To prevent students from running certain program I inadvertenly changed the 'Run only allowed programs' to IE and Word. I didn't realize it would affect the local Administrator account too, now I'm screwed because I cannot get back into GPEDIT to make the changes. I tried this at home on my laptop but since I am not on a domain I was able to log into Safe Mode and fix the problem but this is not the case on a machine that belongs to a Domain. Can anyone help please!!! Desperately seeking a solution. Thank you. Tag: GPO & Password set to expire Tag: 89648
  - 22
    - Error Code 0x80070057 Hello, A error code 0x80070057 popped up on my screen this morning. This is the first time I have seen this one, XP Home SP2 has been running problem free for a long time. The error code said: Problem preventing Windows from checking license for this computer. I do have a XXXXX-XXX-XXXXXXX-XXXXX serial number. Any help on this will be appreciated. TIA Tag: GPO & Password set to expire Tag: 89644
  - 23
    - Hardware considerations for PKI In your experience, any practical hardware capacity planning I should be aware when selecting hardware for a PKI infrastructure ? I am planning to use total of two physical servers for redundancy. I would put the Off-line root CA in a Virtual machine and keep it shut down. I am plannig to use a 3.0GB Pentium, 4GB RAM server. From what I have been reading there is no major prcessing power to worry about. I have total of 4 DC's, total of 15,000 user accounts, but only 6,000 clients. Tag: GPO & Password set to expire Tag: 89643
  - 24
    - Interoperability between Window 2000 and 2003 Enterprise CAs I have a win2k enterprise root and subordinate CA I would like to introduce another subordinate CA on our DR site. Can I introduce an enterprise win2k3 CA into the existing heirarchy (In a nutshell are they compatible)? Tag: GPO & Password set to expire Tag: 89642
  - 25
    - ? ccApp With Windows XP Home Edition on shut down on some occasions the window ccApp appears. What is this? Tag: GPO & Password set to expire Tag: 89631

When a user logs onto the domain from their workstation and the "user must
change password at next logon" option is selected if they type a password
less then 3 characters it gives an error message. I'm not sure why this is
happening. The group policy object does not have a minimum password
selected. If I have them type the same password on the domain controller
under "reset password" it accepts the password as they type it. Do I have a
policy set wrong?? After typing the password on the server reset password
option they are able to logon to the domain on the workstation with that
password with no problem?

Thanks for your help.
Kim

Top

Re: GPO & Password set to expire by Florian

Florian
Mon Nov 20 02:24:28 CST 2006

Howdie Kim!

Kim wrote:
> When a user logs onto the domain from their workstation and the "user must
> change password at next logon" option is selected if they type a password
> less then 3 characters it gives an error message. I'm not sure why this is
> happening. The group policy object does not have a minimum password
> selected. If I have them type the same password on the domain controller
> under "reset password" it accepts the password as they type it. Do I have a
> policy set wrong?? After typing the password on the server reset password
> option they are able to logon to the domain on the workstation with that
> password with no problem?

Where have you linked the Password Policy? It is only valid at Domain
Level. Linking it anywhere else would target local user accounts on
machines, not domain accounts.

cheers,

Florian
--
Nachwuschsadmin aus dem SÃ¼ddeutschen/Germany.
eMail: Vorname [bei] frickelsoft [Punkt] net.
blog: http://www.frickelsoft.net/blog.

Top